Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:EF9425A082C1382E2FA26B6D0785BEDDHistoryMay 24, 2013 - 6:27 p.m.
Improper authorization checks in documents - ownCloud
2013-05-2418:27:42
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
33
0.002 Low
EPSS
Percentile
56.6%
Due to not verifying whether an user has permission to rename files of other users an authenticated user could rename files of other users without permission.
Affected Software
- ownCloud Server < 6.0.3 (CVE-2014-3834)
Action Taken
We reviewed the access-control of the documents application and ensured that permissions are checked properly for every action.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 6.0.3 |
Related
cve
cve
CVE-2014-3834
2014-06-04 14:55:04
ubuntucve
ubuntucve
CVE-2014-3834
2014-06-04 00:00:00
nvd
nvd
CVE-2014-3834
2014-06-04 14:55:04
owncloud
owncloud
Improper authorization checks in contacts - ownCloud
2014-05-24 18:26:28
Server: Improper authorization checks in contacts
2014-05-24 11:54:29
Server: Improper authorization checks in documents
2014-05-24 11:54:29
cvelist
cvelist
CVE-2014-3834
2014-06-04 14:00:00
prion
prion
Code injection
2014-06-04 14:55:00
openvas
openvas
ownCloud Multiple Vulnerabilities-03 (Jul 2014)
2014-07-03 00:00:00